防止在asp.net core 2中多次登录 [英] prevent multiple login in asp.net core 2
问题描述
美好的一天,
由于 IdentityOption 中没有 SecurityStampValidationInterval ,因此我如何验证安全戳以防止在 Asp.Net Core 2 中从单个用户多次登录.
How do i validate security stamp to prevent multiple login from single user in Asp.Net Core 2 as there's no SecurityStampValidationInterval in IdentityOption.
提前谢谢.
推荐答案
我已经使用Microsoft.Extensions.Caching.Memory.IMemoryCache来实现相同的功能.(将用户名存储在缓存中)
I have used Microsoft.Extensions.Caching.Memory.IMemoryCache to implement the same. (Stored the usernames in cache)
登录时(我们可以在验证密码之前执行此操作)步骤1:将内存缓存用作控制器的DI.
At the time of login (we can do this before validating the password) Step 1: Use Memory Cache as DI to the controller.
private IMemoryCache SiteCache = null;
public LoginHelper(IMemoryCache Cache)
{
SiteCache = Cache;
}
第2步:
在登录验证中,如果用户已经存在于缓存中,请运行此检查.
In your login validation, run this check, if the user already exists in cache.
private bool VerifyDuplicateLogin(string UserName, bool InsertKey)
{
String sKey = UserName.ToLower();
String sUser = Convert.ToString(SiteCache.Get<string>(sKey));
if (string.IsNullOrEmpty(sUser))
{
if (InsertKey)
{
string cookieTimeout = appSettingsData.LoginCookieTimeout;
int timeout = (string.IsNullOrEmpty(cookieTimeout)) ? 3 : int.Parse(cookieTimeout);
int sessionTimeOut = 5; // HttpContext.Current.Session.Timeout;
sUser = string.Format("{0}^^^{1}", sKey, DateTime.Now.AddMinutes(sessionTimeOut).ToString("yyyy-MM-dd HH:mm:ss"));
// No Cache item, so session is either expired or user is new sign-on, Set the cache item and Session hit-test for this user
TimeSpan SlidingTimeOut = new TimeSpan(0, 0, timeout, 0, 0); //(HttpContext.Current.Session.Timeout / 2)
MemoryCacheEntryOptions cacheOptions = new MemoryCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = SlidingTimeOut
};
SiteCache.Set(sKey, sUser, cacheOptions); //OnCachedItemRemoved
session.LoggedInUser = sKey;
}
//Let them in - redirect to main page, etc.
return false;
}
else
{
// cache item exists, means... "User already in"
return true;
}
}
第3步:注销时使用以下方法从缓存中删除用户名
Step 3: Use the following method at the time of log out to remove the username from cache
public void RemoveLogin(string userName)
{
//Clear the cache
if ((!string.IsNullOrEmpty(userName)) && SiteCache != null)
{
String sUser = Convert.ToString(SiteCache.Get<string>(userName));
if (!string.IsNullOrEmpty(sUser))
{
SiteCache.Remove(userName.ToLower());
session.LoggedInUser = "";
}
}
}
自从我使用了内存缓存后,每当服务器重置以及应用程序重置时,用户缓存也会被重置,我们可以得到快速响应.
Since I used the Memory cache, whenever the server reset, along with the application, user cache also gets reset and we can get a quick response.
我们可以使用数据库来实现相同的功能,以临时方式和类似的逻辑来存储已登录的用户,但是我觉得这种方法更快捷,更省力.
We can implement the same using Database to store the logged users in a temporarily and with the similar logic, but I felt this approach is little quicker and smother though.
此方法的一个缺点是,如果用户关闭浏览器并希望立即重新登录,则他将在用户已经登录时得到响应(意味着他将被锁定,直到缓存密钥过期为止.(我们必须小心当我们设置过期超时时
One drawback with this approach is, if the user closes the browser and wish to log back immediately, he will get a response as user already logged in (means he gets locked until the cache key expires. (We have to be careful while we set expire timeout)
谢谢
这篇关于防止在asp.net core 2中多次登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!